Summary: | <dev-libs/apr-util-1.3.5: Off-by-one in apr_brigade_vprintf() (CVE-2009-1956)
---|---
Product: | Gentoo Security
Reporter: | Duncan Exon Smith <duncanphilipnorman>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | minor
CC: | apache-bugs
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://svn.apache.org/viewvc?view=rev&revision=768417
Whiteboard: | B3 [glsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 272260
Bug Blocks: |
Attachments: |

Description
Duncan Exon Smith
2009-05-04 17:47:27 UTC
Created attachment 190333
Patch to remove an unnecessary null terminator that causes a buffer overflow.

Here is the patch I applied locally. It's the same as the following commit to the apr trunk:
http://svn.apache.org/viewvc/apr/apr/trunk/buckets/apr_brigade.c?r1=768417&r2=768416&pathrev=768417

dev-libs/apr-1.3.5 was released on 2009-06-05.
dev-libs/apr-util-1.3.7 was released on 2009-06-05.

======================================================
Name: CVE-2009-1956
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

dev-libs/apr-1.3.5 and dev-libs/apr-util-1.3.7 are now in the tree.

GLSA together with bug 272260.

GLSA 200907-03